Data security threat models
---------------------------

A quick side note first: welcome to the newest resident of circumlunar.space, moji! Moji already has a nice ASCII title page, and got the first entry in their phlog[1] up in no time flat! The next person to throw their gophery lot in with the Zaibatsu will have the esteemed honour of being the fifteenth sundog! Will it be you?

Here is the promised followup to my earlier post[2], another contribution to the "data security ratings" discussion which is going around. I previously wrote that I didn't think the 1-10 rating scale was an especially productive way to think about personal data security (although, surely, it's a fun one!). Much more useful is a good understanding of concrete threat models.

It's better to think of your personal data security in terms of concrete threats (events, or actors with certain capabilities) which you have tried to protect yourself against. Different threats have different degrees of possible damage but also different likelihoods of actually happening to you. The only rational approach (and I don't pretend to take a solely rational approach to this, I find it a strange kind of fun "sport" to guard against low-likelihood threats) is to expend your energy in proportion to probable damage.

For the average person, probably the greatest threat to your personal data security is simply the possibility of losing it due to sudden hardware failure. The only antidote to this is a good backup scheme, which is something almost every contributor to the conversation has admitted to not having, which is unsurprising. Backing up is not sexy cypherpunk business, it's dull, but it's more likely to actually save your bacon than Tor is.

I suspect the next most important threat to consider for the average person comes from device theft.
Having your phone or laptop stolen obviously carries with it the consequence of losing data which hasn't been backed up, but unlike device failure it carries the additional risk of the thief ending up with access to data or credentials. Your device very probably remembers e.g. the passwords to various online accounts. The bare minimum countermeasure to address this is configuring your device to automatically lock itself after a short period of inactivity, and using a strong password for unlocking it. Encrypting the underlying storage is a better solution.

I guess something should probably be said about "cybercrime" or identity theft, but I'm not really sure what to say. This is something the mainstream media is constantly insisting is on the rise, but neither I nor anybody I know has ever had any personal experience with it. I'm tempted to think it only happens to "level 0" users, but I dunno. Ransomware gets a lot of media attention, but the answer to that is simply a good backup scheme (notice a pattern here?). Staying up to date on OS and especially browser updates, and generally not being clueless about things like phishing are probably the primary defences here.

A very salient point for the average person to consider is the risk of data breaches against third party websites which hold their data. The average person maintains accounts with lots of these sites, and each of them holds the data for a lot of people, making them appealing targets for attackers. I think this is a much more probable data threat for most people than a targeted attack on their personal machines. The relevant machines are completely out of your control here, so the only sensible strategy you can take is to minimise the damage in the event of a breach. Not reusing passwords is probably the most important thing here, so that one account breach at a site which stores passwords in plaintext (which, sadly, is not uncommon) does not lead to follow on breaches.
And, of course, provide only the absolute bare minimum amount of personal information needed for the service to be useful. If a service doesn't actually need your genuine birthday for any legitimate reason, give them your "internet birthday". If a site forces you to answer "security questions" for password recovery, don't give truthful answers to questions which would facilitate identity theft if they were leaked (e.g. mother's maiden name). Make something up, and keep a note of it written down somewhere so you can remember it later to reset your password.

These are by no means the only threats most people face, but if you sum over all threats, multiplying expected damage by probability of occurring, I think the stuff above makes a larger contribution to the total than everything else, for most people. In a practical sense, somebody who takes steps to address all of the above is arguably better off than a super 1337 VPN/GPG/Tor using "level 10" user who hasn't backed up their shit in years.

How is this all that different to thinking in terms of "ratings"? Can't you just enumerate all the threats in order of how scary they are, and rank people based on the scariest threat they have completely protected themselves against (expanding beyond the threats above to include surveillance companies like Facebook or Google and also government surveillance)? Well, you could, and this probably makes more sense than ranking people purely in terms of practices, with no consideration of which concrete threats the practices mitigate and how well they do so. But the ranking of the threats is arbitrary, as the important details of how likely you are to face them and how much damage they can do are different for each user.
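
The sum described above (likelihood times damage, over all threats), worked through as an added example that is not part of the original post. Every likelihood, damage score and mitigation factor is a constructed placeholder, and the two profiles AVERAGE and WATCHED are hypothetical; put in your own estimates.

```python
# Added illustration: every number is a constructed placeholder, not data.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: float  # chance per year that it happens to this user
    damage: float      # how bad it would be, on the user's own 0-10 scale

# Each measure maps threat name -> (likelihood factor, damage factor).
MEASURES = {
    "backups": {"hardware failure": (1, 0.1), "device theft": (1, 0.5),
                "ransomware": (1, 0.1)},
    "disk encryption": {"device theft": (1, 0.5)},
    "unique passwords": {"third-party breach": (1, 0.3)},
    "Tor": {"surveillance": (0.5, 1)},
}

AVERAGE = [
    Threat("hardware failure", 0.10, 8),
    Threat("device theft", 0.05, 6),
    Threat("ransomware", 0.02, 8),
    Threat("third-party breach", 0.30, 3),
    Threat("surveillance", 0.001, 9),
]
# Same threats, but a user who considers surveillance far more likely.
WATCHED = [replace(t, likelihood=0.4) if t.name == "surveillance" else t
           for t in AVERAGE]

def expected_loss(threats, measures=()):
    """Sum over all threats of likelihood * damage, after the given measures."""
    total = 0.0
    for t in threats:
        p, d = t.likelihood, t.damage
        for m in measures:
            lf, df = MEASURES[m].get(t.name, (1, 1))
            p, d = p * lf, d * df
        total += p * d
    return total

def rank_measures(threats):
    """Measures ordered by how much expected loss each one removes."""
    base = expected_loss(threats)
    gain = {m: base - expected_loss(threats, [m]) for m in MEASURES}
    return sorted(gain, key=gain.get, reverse=True)

if __name__ == "__main__":
    for label, profile in (("average", AVERAGE), ("watched", WATCHED)):
        print(label, round(expected_loss(profile), 3), rank_measures(profile))
```

With these placeholder numbers backups come first for the AVERAGE profile and Tor last, while changing a single likelihood for WATCHED reorders the list, which is why one fixed ranking does not fit every user.
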

I think the point I wanted to make was that you shouldn't fixate on ideas like "this year, I want to learn skills and take measures to make myself a rank 6!", but rather think in terms of "it would really suck if X happened to me, and I don't think it's at all impossible that X might happen, so I want to make changes so that if X happens, my suffering will be as low as possible".

[1] gopher://circumlunar.space:70/1/~moji/phlog
[2] gopher://circumlunar.space:70/0/~solderpunk/phlog/data-security-ratings.txt